Senior Information Security Engineer designing secure software solutions at Mechanical Orchard, specializing in application security and cloud environments.
Responsibilities
Build Security into Development: Work alongside engineering teams to integrate security throughout the SDLC; from design reviews and threat modeling to secure coding practices. Conduct security assessments of applications, APIs, and cloud infrastructure. Guide developers on secure authentication, authorization, cryptography, and data protection. Champion security best practices while maintaining developer velocity and trust.
Implement Security Tooling & Automation: Deploy and manage application security tools including SAST, DAST, SCA, and container scanning. Build automation for security testing in CI/CD pipelines. Implement and improve secrets management solutions. Create dashboards and metrics to track security posture.
Drive Security Initiatives: Lead application vulnerability management programs including triage, prioritization, and driving remediation. Support security compliance efforts (SOC 2, ISO 27001, or similar frameworks). Contribute to incident response and security event investigation. Develop security training and documentation for engineering teams.
Collaborate Across Teams: Partner with infrastructure and DevOps teams on cloud security controls. Perform risk assessments for new features, technologies, and third-party integrations. Participate in architecture reviews and provide security guidance.
Requirements
Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field, or equivalent practical experience.
Strong written and verbal communication skills in English.
5+ years of professional experience in information security, with a significant focus on application and cloud security.
Professional software development experience, with hands-on responsibility for designing, building, and maintaining production systems in a language like Python, Go, Java, JavaScript, or similar.
Strong understanding of application security principles: OWASP Top 10, secure authentication/authorization, encryption, API security.
Experience with cloud platforms (AWS, GCP, or Azure) and cloud-native security.
Hands-on experience with CI/CD systems and DevOps practices.
Knowledge of container security and orchestration platforms (Docker, Kubernetes).
Experience implementing security tools like SAST/DAST scanners, dependency checkers, or secrets detection.
Experience with security tools such as Aikido, Snyk, Semgrep, Trivy, Wiz, HashiCorp Vault, or similar.
Collaborative mindset—you build security solutions with engineers, not against them.
Benefits
Employee accommodations for disabilities.
Equal employment opportunities for all applicants.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.
Senior Product Security Consultant at CENSUS LABS evaluating software security and threats. Responsible for validating security compliance and reporting on risks in complex systems.